CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-3683

HIGH
8.8
CVSS Severity Score
EPSS Score0.0960%
EPSS Percentile25.35th
Published2020年1月17日
Last Modified2024年11月21日

Vulnerability Description

The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.

Affected Platforms (CPE)

📦
Suse

Openstack Cloud

= 8.0
📦
Suse

Keystone Json Assignment

< 2019-02-18
📦
Hp

Helion Openstack

= 8.0

References & Advisories

🔗 https://bugzilla.suse.com/show_bug.cgi?id=1124864
🔗 https://www.suse.com/security/cve/CVE-2019-3683/
🔗 https://bugzilla.suse.com/show_bug.cgi?id=1124864

関連する脆弱性情報

CVE-2018-179549.3

An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenSt...

CVE-2018-10006038.8

A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, In...

CVE-2019-38958.0

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Dire...

CVE-2021-253217.8

A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Serve...